Recent advances in artificial intelligence (AI) and machine learning have enabled new game-changing technologies for humans to interact with machines by voice. It is now possible for everyday users to converse with voice assistants such as Bixby, Siri, and Google Assistant to set an alarm, call a friend, arrange appointments on the calendar, etc.
Besides improving living standards, these new technologies also change the landscape of cyber threats.
Recently, scientists have demonstrated that these voice assistant systems are susceptible to signal injection at inaudible frequencies. Until now, most of the existing works have focused primarily on delivering a single command via a line-of-sight ultrasound speaker or on extending the range of this attack via a speaker array. However, besides air, sound waves also propagate through other materials where vibration is possible.
In a new study, scientists from Washington University in St. Louis aim to comprehend the characteristics of this new genre of attack in the context of different transmission media.
Scientists have already shown that ultrasonic waves can be used to deliver a single command through the air. In this study, scientists expand the scope of vulnerability that ultrasonic waves pose to cellphone security.
Without making any sound, the ultrasonic waves can activate Siri on your cellphone and have it make calls, take images, or read the contents of a text to a stranger. All without the phone owner’s knowledge.
Scientists found that these waves can propagate through numerous solid surfaces to actuate voice recognition systems, and, with the addition of some cheap hardware, the person initiating the attack can likewise hear the phone’s response.
Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering, said, “We want to raise awareness of such a threat. I want everybody in public to know this.”
Scientists sent voice commands to cellphones as they sat inconspicuously on a table, next to the owner. With the addition of a stealthily placed microphone, they were able to communicate back and forth with the phone, eventually controlling it remotely.
Zhang explained, “Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies. If you know how to play with the signals, you can manipulate them such that when the phone interprets the incoming sound waves, it will think that you are saying a command.”
In another experiment, scientists set out to determine the transmission ability of ultrasonic waves through solid surfaces. The experiment included a phone on a table. A microphone and a piezoelectric transducer (PZT) were attached to the bottom of the table. On the other side of the table from the phone, ostensibly hidden from the phone’s user, was a waveform generator to generate the correct signals.
Scientists conducted the following two attacks as a demonstration:
- Hacking an SMS passcode. SMS-based two-factor authentication has been widely adopted by almost all primary services, which often deliver one-time passwords over SMS. A SurfingAttack adversary can activate the victim’s device to read SMS messages in secret, thereby extracting SMS passcodes.
The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone’s responses in an office setting with a moderate noise level.
Then, when a simulated message from a bank arrived, the attack device sent the “read my messages” command to the phone. The response was audible to the microphone under the table, but not to the victim.
- Making fraudulent calls. A SurfingAttack adversary can also take control of the owner’s phone to call arbitrary numbers and conduct an interactive dialogue for phone fraud using the synthetic voice of the victim.
Using the microphone under the table, the attacker was able to carry on a conversation.
The test included 17 different phone models, including popular iPhones, Galaxy, and Moto models. All but two were vulnerable to ultrasonic wave attacks.
Scientists also tested different table surfaces and phone configurations.
Zhang said, “We did it on metal. We did it on the glass. We did it on wood. We tried placing the phone in different positions, changing the orientation of the microphone. We placed objects on the table in an attempt to dampen the strength of the waves. It still worked. Even at distances as far as 30 feet.”
“Ultrasonic wave attacks also worked on plastic tables, but not as reliably.”
“Phone cases only slightly affected the attack success rates. Placing water on the table, potentially to absorb the waves, did not affect it. Moreover, an attack wave could simultaneously affect more than one phone.”
Zhang said the success of the “surfing attack,” as it’s called in the paper, highlights the less-often discussed link between the cyber and the physical. Often, media outlets report on ways in which our devices are affecting the world we live in: Are our cellphones ruining our eyesight? Do headphones or earbuds damage our ears? Who is to blame if a self-driving car causes an accident?
“I feel like not enough attention is being given to the physics of our computing systems. This is going to be one of the keys to understanding attacks that propagate between these two worlds.”
However, the study also suggested some defense mechanisms that could protect against such an attack. These include the use of software that examines the received signal to discriminate between ultrasonic waves and genuine human voices. Another idea is to change the layout of cell phones, for example the placement of the microphone, to dampen or suppress ultrasound waves, which could also stop a surfing attack.
Zhang said, “there’s a simple way to keep a phone out of harm’s way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the ‘impedance mismatch.’”
This study was conducted in collaboration with scientists from Michigan State University, the University of Nebraska-Lincoln, and the Chinese Academy of Sciences.
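One way to implement the software check described above, as an added example rather than the study's own method: it uses the Goertzel algorithm to compare energy in the speech band with energy above 20 kHz. The 96 kHz raw capture rate, the probe frequencies, the 0.5 threshold and all function names are assumptions, and the two inputs are constructed tone mixes, not recordings.

```python
import math

SAMPLE_RATE = 96_000                      # assumed raw capture rate (Hz)
VOICE_HZ = range(200, 4_001, 200)         # probe bins in the speech band
ULTRASONIC_HZ = range(21_000, 40_001, 1_000)  # probe bins above human hearing

def goertzel_power(samples, freq_hz):
    """Normalised power of one frequency bin (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples) ** 2

def ultrasonic_ratio(samples):
    """Fraction of the probed energy that lies above human hearing."""
    voice = sum(goertzel_power(samples, f) for f in VOICE_HZ)
    ultra = sum(goertzel_power(samples, f) for f in ULTRASONIC_HZ)
    return ultra / (voice + ultra + 1e-12)

def is_suspicious(samples, threshold=0.5):
    """Flag a capture dominated by ultrasonic energy (threshold is assumed)."""
    return ultrasonic_ratio(samples) > threshold

def tone_mix(components, seconds=0.05):
    """Constructed test input: a sum of (frequency_hz, amplitude) sine tones."""
    n = int(SAMPLE_RATE * seconds)
    return [sum(a * math.sin(2.0 * math.pi * f * i / SAMPLE_RATE)
                for f, a in components) for i in range(n)]

# Constructed samples, not recordings from the study.
SPEECH_LIKE = tone_mix([(200, 1.0), (400, 0.6), (1_200, 0.3), (2_600, 0.2)])
ULTRASOUND_HEAVY = tone_mix([(200, 0.05), (26_000, 0.4), (27_000, 1.0), (28_000, 0.4)])

if __name__ == "__main__":
    for name, capture in (("speech-like", SPEECH_LIKE),
                          ("ultrasound-heavy", ULTRASOUND_HEAVY)):
        print(f"{name}: ratio={ultrasonic_ratio(capture):.3f} "
              f"suspicious={is_suspicious(capture)}")
```

The check only works on audio captured before any low-pass filtering or downsampling removes content above 20 kHz, so it has to run on the raw microphone stream.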
- SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves. DOI: 10.14722/ndss.2020.24068